package net.csdn.business.auth.config;


import lombok.SneakyThrows;
import net.csdn.business.auth.authing.AuthingSecurityConfigurer;
import net.csdn.business.auth.component.CustomDaoAuthenticationProvider;
import net.csdn.business.auth.filter.AuthingAuthenticationTokenFilter;
import net.csdn.business.auth.listener.handler.CustomLogoutSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.cors.CorsConfigurationSource;


/**
 * @Desc:  WebSecurityConfigurer
 * @ClassName: WebSecurityConfigurer
 * @Author: yourleige@163.com
 * @Date: 2022/9/27 10:59
 */


@Order(2)
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {


	@Autowired
	public  CorsConfigurationSource configurationSource;

    @Autowired
	@Lazy
	private  CustomDaoAuthenticationProvider customDaoAuthenticationProvider;

	//private final CustomAuthExceptionEntryPoint customAuthExceptionEntryPoint;



	/**
	 * token认证过滤器
	 */
	@Autowired
	private  AuthingAuthenticationTokenFilter authenticationTokenFilter;


	@Bean
	public AuthingSecurityConfigurer authingSecurityConfigurer() {
		return new AuthingSecurityConfigurer();
	}

	@Override
	@SneakyThrows
	protected void configure(HttpSecurity http) {
		http.requestMatcher(new AntPathRequestMatcher("/oauth/**"))
				// 跨域配置
				.cors()
				.configurationSource(configurationSource)
				.and().formLogin().loginPage("/oauth/login")
				//.loginProcessingUrl("/token/form")
				//.successHandler(tenantAuthenticationSuccessHandler())
				//.failureHandler(authenticationFailureHandler())
				.and().logout().logoutSuccessHandler(logoutSuccessHandler()).deleteCookies("JSESSIONID").invalidateHttpSession(true)
				.and().authorizeRequests()
				//对所有option方法放行
				.antMatchers(HttpMethod.OPTIONS).permitAll()
				.antMatchers("/oauth/login","/oauth/token","/oauth/check",  "/actuator/**").permitAll()
				.anyRequest().authenticated().and().csrf().disable()
				.apply(authingSecurityConfigurer())
				//.and().exceptionHandling().authenticationEntryPoint(customAuthExceptionEntryPoint)
		        ;
		// 添加authing filter
		http.addFilterBefore(authenticationTokenFilter,
				UsernamePasswordAuthenticationFilter.class);
	}


    /**
	 * 不拦截静态资源
	 * @param web
	 */
	@Override
	public void configure(WebSecurity web) {
		web.ignoring().antMatchers("/favicon.ico", "/css/**", "/error");
	}

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception{
		return super.authenticationManagerBean();
	}

	@Bean
	public LogoutSuccessHandler logoutSuccessHandler() {
		return new CustomLogoutSuccessHandler();
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		return PasswordEncoderFactories.createDelegatingPasswordEncoder();
	}


	//在这里关联我们自定义的AuthenticationProvider
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.authenticationProvider(customDaoAuthenticationProvider);
	}

}

